Firm: Oklahoma securities agency’s computer files breached
OKLAHOMA CITY (AP) — An investigation has been launched after a cybersecurity research team discovered a computer server operated by the Oklahoma agency that protects investors had left millions of files unsecured and open to the public, the agency’s administrator said Thursday.
Oklahoma Department of Securities Administrator Irving Faught said a forensic team is conducting “a thorough and intensive investigation” to determine the type and number of files that may have been exposed by the breach and who may have accessed them. Faught said he hopes to have the results by the end of next week.
Faught says the breach happened during the installation of a computer firewall designed to keep data secure.
“The whole point of this was to prevent any breach and not make it vulnerable,” he said.
The UpGuard Data Breach Research team found that millions of files could have been accessed by virtually anyone. The data included details about FBI investigations and information about those involved in the exchange of financial securities. One database contained about 10,000 Social Security numbers of brokers, UpGuard said.
Data involving FBI investigations “appears to be limited and has minimal association to any ongoing law enforcement activity,” FBI spokeswoman Andrea Anderson said in a statement.
The server had been active and open since at least November, according to UpGuard’s report. Researchers found the server on Dec. 7 and notified the department the next day. Public access to the server was removed immediately but UpGuard said it’s not clear whether anyone else accessed the server.
The oldest data was generated in 1986 and it was most recently modified in 2016, the report said.